# for IPv4 (skips comment lines and blank lines; -r keeps backslashes literal)
while IFS= read -r p; do if [[ -n $p && $p != \#* ]]; then echo "-A ufw-before-input -s $p -j DROP" >> output-ipv4.rules; fi; done < input-cidr-ipv4.txt
# for IPv6
while IFS= read -r p; do if [[ -n $p && $p != \#* ]]; then echo "-A ufw6-before-input -s $p -j DROP" >> output-ipv6.rules; fi; done < input-cidr-ipv6.txt
Include the rules in ufw's /etc/ufw/before.rules and /etc/ufw/before6.rules files for the IPv4 and IPv6 entries respectively. Note that they have to be added after the line "# End required lines" and before the COMMIT command.
Make sure you are not about to lock yourself out, then reload ufw by typing ufw reload, or restart the service/host.
Note that in most common setups these rules do not affect publicly available Docker containers or forwarded packets (as in a VPN setup). For that use case, other tables have to be modified.
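The lock-out check and the placement after "# End required lines" described above, as an added example that is not part of the original post or of ufw. The function names and the "# BEGIN/END cidr-blocklist" marker comments are assumptions, and the lock-out check covers IPv4 only.

```sh
#!/bin/sh
# Added example. Function names and the BEGIN/END marker text are assumptions.

# cidr4_contains CIDR IP: succeeds when the IPv4 address IP lies inside CIDR.
cidr4_contains() {
    awk -v cidr="$1" -v ip="$2" 'BEGIN {
        split(cidr, c, "/"); bits = (c[2] == "") ? 32 : c[2]
        split(c[1], a, "."); split(ip, b, ".")
        net = a[1] * 16777216 + a[2] * 65536 + a[3] * 256 + a[4]
        adr = b[1] * 16777216 + b[2] * 65536 + b[3] * 256 + b[4]
        size = 2 ^ (32 - bits)            # addresses per block of that prefix
        exit !(int(net / size) == int(adr / size))
    }' < /dev/null
}

# lockout_check LIST ADMIN_IP: fails and names the entry if LIST covers ADMIN_IP.
lockout_check() {
    hit=0
    while IFS= read -r p || [ -n "$p" ]; do
        case $p in ''|'#'*) continue ;; esac       # skip blank and comment lines
        if cidr4_contains "$p" "$2"; then
            echo "refusing: $p would block $2" >&2; hit=1
        fi
    done < "$1"
    return "$hit"
}

# insert_rules RULES BEFORE_RULES: print BEFORE_RULES with RULES placed right
# after "# End required lines". An earlier block between the markers is dropped
# first, so re-running replaces the rules instead of duplicating them.
insert_rules() {
    awk -v rules="$1" '
        /^# BEGIN cidr-blocklist$/ { skip = 1; next }
        /^# END cidr-blocklist$/   { skip = 0; next }
        skip { next }
        { print }
        /^# End required lines/ {
            print "# BEGIN cidr-blocklist"
            while ((getline line < rules) > 0) print line
            close(rules)
            print "# END cidr-blocklist"
            found = 1
        }
        END { if (!found) exit 2 }        # marker missing: not a ufw rules file
    ' "$2"
}
```

Write the merged output to a temporary file and replace /etc/ufw/before.rules only when both lockout_check and insert_rules exit with status 0, then run ufw reload.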